Prior to examination of the above-captioned application, kindly enter the following 
Amendment: 



IN THE CLAIMS : 



Please cancel claims 2-82 without prejudice or disclaimer of the subject matter thereof. 



Please add claims 83-163 as follows: 



53. A method for an authority to authenticate certificate information provided to a intermediary in 
a nm^ner that enables an end user to verify portions of the information, comprising: 
mapping the information into a plurality of certificate values; 

(b) X^onstructing an authenticated tree having an authenticated root and having 
^cate nodes corresponding^the'^ett|ficate values; 

(c) the interihqdiary obtaining the authenticated root and at least one of the certificate 
nodes; and 

(d) the intermediary causing the ehd user to receive verification data including at least 
one of: the authenticated root, one of the certificate nodes, and one of the node 
values of the authenticated tree^ 

(e) the end user verifying the certificateWng at least a portion the verification data. 



84. A method according to claim 83, wherein the intermediary obtains the authenticated root and 
at least one of the certificate nodes from the authority. 
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85. A method according to claim 83, wherein the end user receives the authenticated root from 
the\intermediary. 

86. Amethod according to claim 83, wherein the end user receives the authenticated root 
from the authority. 

87. A methodVccording to claim 83, wherein the end user receives the authenticated root 
from the authority. \ 

iser receives at least one of the certificate 

89. A method according to clain^83, wherein the root is authenticated with a digital signature. 

90. A method according to claim 89, wherein the digital signature is verifiable by the end user. 

91. A method according to claim 83, wherein the certificate values indicate which certificates have 
been revoked. \ 

92. A method according to claim 91, wherein the certificate values include a date of revocation 
for the certificates that have been revoked. \ 



88. A method according to claim 83, wherein/the 
nodes from the intermedia 
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9j\ A method according to claim 83, wherein the certificate values indicate which certificates are 
valid) 

94. A method according to claim 93, wherein the certificate values include a date of expiration for 
the certificates that are valid. 

95. A method according to claim 83, wherein the certificate values indicate which certificates have 
been issued. 

V ^ 96. A method according to claim 95, wherein th^^cei^ificate values include a date of issue for the 
certificates that have been issue*; 



97. A method according to claim 83, wherein the certificateydues indicate which certificates have 
been revoked and which certificates are Valid. 

98. A method according to claim 83, wherein the certificate values indicate which certificates have 
been revoked and which certificates have been issued. 

99. A method according to claim 83, wherein the certificate values indicate which certificates are 
valid and which certificates have been issued. 



100. A method according to claim 83, wherein the certificate values indicate which certificates 
have been revoked, which certificates are valid, and which certificates have been issued. 



295754.1 



-4- 



IOIaA method according to claim 83, wherein values of the internal nodes are obtained by 
performing a one-way hash of the values of the children thereof. 

102. A method\ccording to claim 101, wherein the value of at least one of the internal nodes is 
obtained by performing a one-way hash of a combination of the values of the children of the 
internal node and a value of the internal node. 

103. A method according to claim 102, wherein the value of the internal node indicates a position 
of the internal node within the tree. 




104. A method according to claim 83, ^herein at lejast one of the certificate nodes corresponds to 
more than one certificate. 

105. A method according to claim 83, wherein mapping and constructing are performed by the 
authority. 

106. A method according to claim 91, wherein mapping an^ constructing are performed by the 
authority. 

107. A method according to claim 83, wherein certificate informatic^ determines locations of the 
nodes within the authenticated tree. 
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108. A method according to claim 83, wherein the certificate information determines the 
certificate nodes corresponding to the certificate values mapped from the certificate information. 

109. A method according to claim 108, wherein positions of nodes within the authenticated tree 
provide at leW a portion of the certificate information. 



1 10. A method according to claim 109, wherein/the c&ftificate information includes serial numbers 
for each of the certificates. 

1 1 1. A method according t<a claim 106, wherein the certificate information relates to certificates 
having serial numbers that determine the certirteatiorfnodes. 



1 12. A method according to claim 106, wherein the authority also revokes certificates. 

1 13. A method according to claim 95, wherein mapping and constructing are performed by the 
authority, 

1 14. A method according to claim 113, wherein the authority also issues certificates. 



1 15. A method according to claim 83, wherein the certificate values correspond to serial numbers 
of the certificates. 
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1 16.\A method according to claim 1 15, wherein the certificate values correspond to serial 
numberk of the certificates combined with additional information. 



1 17. A metho^ according to claim 83, wherein the authenticated root contains additional 
information. 

1 18. A method according to claim 1 17, wherein the^dditfynal information includes date 
information. 

1 19. A method according to claim 117, whereimthe additional information includes an indication 
of at least one of: revoked, issued, and valid for describing the certificate information 
corresponding to the certificate nodes of the authenticated tree. 

120. A method according to claim 83, whereu^ the certificate nodes are leaf nodes of the 
authenticated tree. 

121. A method according to claim 83, wherein the intermediary causes authenticating values of at 
least one of the certificate nodes to be provided to the end\iser. 

122. A method according to claim 83, wherein the certificate information includes serial numbers 
of the certificates. 
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123\A method according to claim 122, wherein location of the certificate nodes within the 
authenticated tree varies according to the certificate values. 

124. A method for a intermediary to prove to an end user that certificate information is 
authenticated byVi authority, comprising: 

(a) obtaining at least a portion of an authenticated tree having certificate nodes 
corresponding to certificate values indicative of the information; and 

(b) causing the^end user to receive at least onelJf^the following values: certificate 
values, authenticating values of certificate valjies, and one or more node values 
authenticated by authority. 

125. A method according to claim 124/^vherein at least one of the authenticated node values is 
the root value. 

126. A method according to claim 124, wherein the user receives at least one of: a certificate 
value, a node value, and an authenticated node value\ 

127. A method according to claim 124, wherein the user usfes at least a value that the intermediary 
caused the user to receive to verify the authenticity of the certificate information 

128. A method according to claim 127, wherein the end user verifiesvthe authenticity of the 
certificate information via an authentication path of at least one certificate node 
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129. method according to claim 124, wherein the authenticated tree values and the 
authenticated node values change over time. 

130. A method according to claim 124, wherein the intermediary sends at least one of: a 
certificate value, a node vakje^^ an authenticated node^alue. 

13 1 . A method according to >cl^ th^ite^ can prove to the user that a 
certificate information does not coiresponfcUo a ceraficate that was issued. 

132. A method according to claim 124, wherein the rcrtermediary can prove to the end user that a 
given serial number does not correspond to any issued cehtficate of a given CA. 

133. A method according to claim 124, wherein the certificates areViblic key certificates. 
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(b) 



method for a intermediary to prove to an end user that certificate information is 
authentib^!fe(l by an authority, comprising: 

obtaining an authenticated tree having certificate nodes corresponding to 

^ficate values indicative of the information; 
obtaining an authenticated root of the authenticated tree, wherein the authenticated 
root pr^^that the authority authenticated the tree; 

(c) causing the e^d user to receive certificate values and to receive authenticating 
values of certificate values; and 

(d) causing the end useV to receive the authenticated root, whereby the authenticated 
root and authenticatingsyalues are used by the user to verify the certificate values. 




135. A certificate revocation system in whicrkone or more authorities iss«6and revoke certificates 

A ^ — ^ 

and an intermediary provides end users certificat^information authenticated by the one or more 
authorities having the intermediary prove to an endviser that a given certificate has not been 
issued by a given authority by a given date by providing^ piece of information generated by the 
given authority. 

136. A certificate revocation system, according to claim 135, wherein the piece of information 
includes a digital signature of the authority. 

137. A certificate revocation system, according to claim 136, wherein the piece of information can 
be verified by the end user in conjunction with a separate piece of information generated by the 
authority. 
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1 J8. A certificate revocation system, according to claim 137, wherein the separate piece of 
information includes a digital signature of the authority 

139. A certificate revocation system, according to claim 138, wherein the piece of information 
includes at least on\value of a node in an authenticated tree. 



140. A certificate revocation system, according to cl; 
information is the authenticateaNroot of the authei 



141. A method for authenticating certificate revocation informaticm about a plurality of 
certificates, each having a certificate identifier belonging to a set of possible identifiers, 




wherein the separate piece of 



comprising: 
(a) 

(b) 



(c) 



(d) 



for all of the certificate identifiers, mapping the revocation information into a 
plurality of certificate revocation values* 

constructing a tree having certificate node\containing the certificate revocation 
values, wherein, for each possible certificate identifier, the tree is guaranteed to 



contain at least one node having a certificate revocation value indicating whether a 
certificate corresponding to the certificate identifier^t^oked; 
storing values within internal nodes of the tree, wherein the values stored in the 
internal nodes authenticate values contained in children thereof; and 
authenticating a root certificate node of the tree to provide an authenticated root. 
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\A2. A method according to claim 141, wherein an intermediary obtains the authenticated root 
and at least one of the certificate nodes from an authority that authenticates the root. 



143. A method according to claim 142, wherein an end user receives the authenticated root from 
the authority. 



144. A method according to claim 143, wherein the end user receives at least one of the 
certificate nodes from the authority. . 




145. A method, according to claim\144, wherein the root is authenticated with a digital signature 



146. A method according to claim 145, wfreraq^t he dj gftakgignature is verified by an end user. 



147. A method according to claim 141, wherein the certificate nodes are leaf nodes of the tree. 



148. A method according to claim 141, wherein an intermediary causes authenticating values of at 



^rm 



least one of the certificate nodes to be provided to an endoiser. 



149. A method according to claim 141, wherein an intermediaiyxonstructs the tree. 



150. A method according to claim 141, wherein an authority constructs the tree. 
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lsY A method for authenticating certificate revocation information about a plurality of 
certificates, each having a certificate identifier belonging to a set of possible identifiers, 



comprising 
(a) 

(b) 



(c) 



(d) 



for all of the certificate identifiers, mapping the revocation information into a 
plurality of certificate revocation values; 

constructing at least one tree having certificate nodes containing the certificate 
revocation values, wherein, for each possible certificate identifier, the at least one 
tree is guaranteed to contain at least one node having a certificate revocation value 
indicating whether a certificate coijespoft^ing to the certificate identifier is 
revoked; 

storing values within internal njbdes of the at least one tree, wherein the values 
stored in the internal nodes authenticate valugS'Contained in children thereof; and 
authenticating a root certificate node of the at least one tree to provide an 
authenticated root. 



152. A method according to claim 151, wherein an intermediary obtains the authenticated root 
and at least one of the certificate nodes from an authority. 

153. A method according to claim 152, wherein the certificate\iodes are leaf nodes of the at least 
one tree. 



154. A method according to claim 151, wherein the certificate values include a date of issue for 
the certificates that have been issued. 
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ISsN^method according to claim 151, wherein the end user receives the authenticated root from 
an intermediary. 



156. A method according to claim 151, wherein the end user receives the authenticated root 
from an authority. 



157. A method according to claim 151, wherein^an^nd user receives the authenticated root 
from an authority. 




158. A method according to claimMSl, wherein an end user receives at least one of the certificate 
nodes from an intermediary. 



159. A method according to claim 151, wherein the root is authenticated with a digital signature. 



160. A method according to claim 159, wherein the digital signature is verifiable by the end user. 



161. A method according to claim 151, wherein the certificate values indicate which certificates 
are valid. 



162. A method according to claim 161, wherein the certificate values include a date of expiration 
for the certificates that are valid. 
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